The Cryptocurrency Security Standard (CCSS) focuses on safeguarding systems that use cryptocurrencies. CCSS includes two main categories of controls, Cryptographic Asset Management and Operations, broken down into 10 key aspects: Key/Seed Generation, Wallet Creation, Key Storage, Key Usage, Key Compromise Policy (KCP), Keyholder Grant/Revoke Policies, Security Tests/Audits, Data Sanitization Policy, Proof of Reserve, and Audit Logs.
There are three CCSS compliance levels, ranging from the baseline essential security controls to more stringent measures at higher levels. CCSS audits are performed by CCSSA-certified auditors. As of now, no entities are fully CCSS compliant. Certification requires an independent CCSSA audit, resulting in a Certificate of Compliance if criteria are met. The CCSS Steering Committee, composed of experts in cryptocurrency, oversees the standard.
To achieve compliance, organizations must hire a CCSS-certified auditor and pay a listing fee. CCSS is crucial for any entity using cryptocurrencies. Adhering to even the minimum compliance level could significantly reduce the impact of many hacks. For mainstream cryptocurrency adoption, it’s vital for organizations to demonstrate strong information security practices, akin to traditional financial institutions.